Tomb Raider 2 gold
How to crack Tomb Raider 2 gold (full net) and some tips regarding demo version games (if u didn't know them)
Eidos gave us 3 weekz ago, i think, a full working Tomb Raider 2 gold... with 5 new levels (the levels from the original Tomb Raider r not included), but 5 levels 4 free is a beautiful thing 4 us... What is happening? Eidos gives away free software? ANSWER: NO! This version of Tomb Raider is made only 4 those who actually own the original cd (or the pirated copy, haha), but not 4 us, the guyz who don't have it... but we have an exe... a data folder with level files and sfx'z, dll'z... we run the exe and it demandz something that is not needed: THE CD!... we gonna fix this thing... and only with win32dasm!
So disassemble t2gold.exe in win32dasm (u can try with idapro but i'm not sure that u will get all the stringz...). We try 2 look 4 the string "please insert tomb raider2 gold cd" - no string (there r some dialogid'z out there, but sux... i tried and it does nothing, only some crashes)... that means that the exe demands a file from the cd... yeah... let's examine well those strings and see if they contain a file that could be on the cd... ok... the only suspicious file is cdaudio, and it is very relevant... the exe tries 2 play us some good music and does not find the cdaudio file located only on the tomb raider cd --> where is the cd?
Found the string? ok, now click on it and u will land here:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045556B(C)
|
* Reference To: WINMM.mciSendCommandA, Ord:0032h
|
:0045558D 8B3548324600 mov esi, dword ptr [00463248]
:00455593 8D4C2410 lea ecx, dword ptr [esp+10]
:00455597 51 push ecx
:00455598 6800200000 push 00002000
:0045559D 6803080000 push 00000803
:004555A2 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"cdaudio" - U R HERE!!!!!
|
:004555A4 C74424284CAD4600 mov [esp+28], 0046AD4C
:004555AC FFD6 call esi
:004555AE 85C0 test eax, eax
:004555B0 7523 jne 004555D5
Now u should check out that conditional jump before the string... so click "goto" and type "0045556b". U should be here:
:00455560 83EC20 sub esp, 00000020
:00455563 56 push esi
:00455564 E89760FFFF call 0044B600
:00455569 85C0 test eax, eax -TEST'Z U KNOW WHAT
:0045556B 7520 jne 0045558D -JUMPS U KNOW WHERE
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045558B(C)
|
:0045556D A130AF4D00 mov eax, dword ptr [004DAF30]
:00455572 50 push eax
So let's just remove that jump 2 see what happens...
Enter any hexeditor, look at the offset in win32dasm, write the offset in the hexeditor, now reverse the jne to a je (make the 75 a 74) and run... wow! works... and another 10 minutes crack...
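Seen from the vendor's or an analyst's side, the change described above is a one-byte difference that a comparison against a known-good copy of the code picks up. The sketch below is an added example, not part of the original tutorial: the function names are hypothetical, the reference bytes are copied from the listing above, and the suspect copy is constructed for the demonstration.

```python
# Added example, not from the original tutorial. Function names are hypothetical.
# Short conditional jumps (Jcc rel8) are opcodes 0x70-0x7F; each even/odd pair
# is a condition and its negation, e.g. 0x74 je / 0x75 jne.
JCC = ["jo", "jno", "jb", "jae", "je", "jne", "jbe", "ja",
       "js", "jns", "jp", "jnp", "jl", "jge", "jle", "jg"]

def jcc_target(addr, rel8):
    """Target of a 2-byte Jcc at addr: next instruction plus signed rel8."""
    disp = rel8 - 0x100 if rel8 & 0x80 else rel8
    return (addr + 2 + disp) & 0xFFFFFFFF

def diff_code(reference, suspect, base):
    """List every byte that differs; label one-bit Jcc condition flips."""
    if len(reference) != len(suspect):
        raise ValueError("regions differ in size; compare section by section")
    findings = []
    for off, (ref, sus) in enumerate(zip(reference, suspect)):
        if ref == sus:
            continue
        addr = base + off
        # Heuristic (no disassembly here): both bytes are the same Jcc pair
        # and the displacement byte that follows is untouched. Confirm the
        # offset is an instruction start before trusting the label.
        same_disp = off + 1 < len(reference) and reference[off + 1] == suspect[off + 1]
        if (ref & 0xF0) == 0x70 and (ref ^ sus) == 1 and same_disp:
            findings.append((addr, "inverted-branch", JCC[ref & 0xF],
                             JCC[sus & 0xF], jcc_target(addr, reference[off + 1])))
        else:
            findings.append((addr, "modified-byte", f"{ref:02x}", f"{sus:02x}", None))
    return findings

# Reference bytes: the five instructions at 00455560-0045556C in the listing.
BASE = 0x00455560
REFERENCE = bytes.fromhex("83EC20" "56" "E89760FFFF" "85C0" "7520")
# Constructed suspect copy: same region with the 75 -> 74 change described above.
SUSPECT = REFERENCE[:11] + b"\x74" + REFERENCE[12:]

if __name__ == "__main__":
    for addr, kind, old, new, target in diff_code(REFERENCE, SUSPECT, BASE):
        where = f" (target {target:08X})" if target is not None else ""
        print(f"{addr:08X} {kind}: {old} -> {new}{where}")
```

The computed target 0045558D matches the "Referenced by a (C)onditional Jump at Address 0045556B" line in the first listing, which is how the disassembler links the two fragments.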
NOTE: This version of Tomb Raider contains only 5 levels... i will teach u a trick that works with most of the demos. What r game demos? Game demos r a full version of the game (not debugged etc.) with level files, tracks, cars... ripped out, and an exe modified with some nops so that we do not access all features; these r often uncrackable coz they ripped all the code... sux
But we can always make some tricks to have a little more than a demo version... examples: the demos of need 4 speed III & IV, from EA... in these demos we have one car and one track... sux... but we can do something 2 fix that... we know that the web is full of tracks and cars for the FULL version of NFS, BUT WE? THOSE WHO DON'T HAVE THE ORIGINAL CD? We explore a little the NFS directory... the CARS directory... hmm, only one folder (if nfs4, 2 folders), that means one little car, right? Download from the net all cars u want and put one of them in that folder and u will play the demo with that car... now u think that playing one single track over and over sux, right? so download the nfs tracks and do the same thing... u can apply the same trick with tomb raider 3 demo, just put any level file in the data dir, rename it to the name of the demo level and....